David,
        to answer points 1 and 2: the only reasonably well known handle we
have is the MAC address. (yes, i know it too can be faked, but if somebody
wants to break in that bad, we are up to much more involved physical
security). you might set your dhcpd server to answer only to known mac
addresses, and to give fake data to unknown ones. at the same time dhcpd
might be coerced into sending an alert (or we could scan leased database).
you might use the "good" mac to generate ssl keys and use those for
encryption / decryption.
        the m-i-t-m attacks are prevented only to the extent that people
don't get to fake mac addresses. this has more to do with plant security
than with data.
julius
 On 7 Oct 2002, David Johnston wrote:
> 1. Ideally, we could use IPSec to authenticate each *workstation* long
> before we ask for names or passwords.  However, each workstation starts
> up without a key every time it starts (it either builds one, or gets it
> from a central server somehow).  I think this means that we cannot use
> the IPSec keys to authenticate the workstation.  How can we prove that
> the workstation isn't an outsider trying to get into our network?
>
> 2. How can we prevent man-in-the-middle attacks?  Is it possible without
> workstation authentication?
>
> -David
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _____________________________________________________________________
> Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
>       https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
> For additional LTSP help,   try #ltsp channel on irc.openprojects.net
>
>
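
The lease-database scan suggested in the reply, as an added example that is not part of either message: it assumes ISC dhcpd's `dhcpd.leases` syntax, a constructed sample file, and a hypothetical allowlist `KNOWN_MACS`. It flags only MACs that are not on the list, so a faked "good" MAC passes, as the reply notes.

```python
import re

# Constructed sample in ISC dhcpd.leases syntax (not real lease data).
SAMPLE_LEASES = """\
lease 192.168.0.20 {
  starts 1 2002/10/07 14:02:11;
  ends 1 2002/10/07 20:02:11;
  hardware ethernet 00:50:56:AA:BB:01;
}
lease 192.168.0.99 {
  starts 1 2002/10/07 14:05:40;
  ends 1 2002/10/07 20:05:40;
  hardware ethernet 02:de:ad:be:ef:01;
}
lease 192.168.0.20 {
  starts 1 2002/10/07 20:02:11;
  ends 2 2002/10/08 02:02:11;
  hardware ethernet 00:50:56:aa:bb:01;
}
"""

# Hypothetical allowlist of workstation MACs, stored lower-case.
KNOWN_MACS = {"00:50:56:aa:bb:01", "00:50:56:aa:bb:02"}

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9a-fA-F:]{17})\s*;")
STARTS_RE = re.compile(r"starts\s+\d\s+([\d/]+ [\d:]+)\s*;")

def parse_leases(text):
    """Yield (ip, mac, starts) for every lease block that records a MAC."""
    for ip, body in LEASE_RE.findall(text):
        mac = MAC_RE.search(body)
        if mac is None:
            continue  # some lease blocks carry no hardware line
        starts = STARTS_RE.search(body)
        yield ip, mac.group(1).lower(), starts.group(1) if starts else None

def unknown_clients(text, known):
    """Return {mac: [(ip, starts), ...]} for MACs outside the allowlist."""
    alerts = {}
    for ip, mac, starts in parse_leases(text):
        if mac not in known:
            alerts.setdefault(mac, []).append((ip, starts))
    return alerts

if __name__ == "__main__":
    for mac, seen in unknown_clients(SAMPLE_LEASES, KNOWN_MACS).items():
        print(f"ALERT unknown MAC {mac}: {seen}")
```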


